Answered step by step
Verified Expert Solution
Link Copied!

Question

1 Approved Answer

As we continue our look at the PYZ Technology Case Study for the course, you will continue to build out your Technology Strategy and Security

As we continue our look at the PYZ Technology Case Study for the course, you will continue to build out your Technology Strategy and Security Policy Overview. This week, you will make an Objectives Identification table that is similar to the table is shown in Chapter 7, Figure 7.1 of Stackpole and Oksendahl. Focus on 2 of the 6 basic attack scenarios and 2 of the 7-system network attack scenarios.

Include the following in your table:

  • Name of Attack
  • Security Tactic
  • Description
  • Response if Breached
  • Applicable Principle
    • This will determine which of the defined principles drives your tactic.
image text in transcribedimage text in transcribed
1. System flaws-Exploit weakness in the operating system, services, hardware, firmware, or software, including coding errors (e.g., buffer overflows) or architecture flaws (e.g., Remote Procedure Call [RPCD). 2. Configuration flaws-Exploit errors in the system configuration, including blank or default passwords; enable anonymous or guest accounts and incorrect share of file permissions (e.g., EVERYONE Read/Write). 3. Unsecured trusts-Exploit trusts with other systems by poisoning domain naming services (DNS), routing and address resolution entries, or using existing database or Distributed Component Object Model (DCOM) connections to compromise data. 4. Malware infection-Implant a piece of malicious code on the system using an e-mail attachment, a malicious download, or a drive-by-attack website. 5. User impersonation-Compromise a legitimate user's credentials by guessing or cracking their password, getting them to disclose it (e.g., phishing), or by capturing it with a man-in- the-middle system or a sniffer. 6. Process flaws-Become a user on the system by gaming the provisioning process, or con- vincing (or coercing) someone to create an account for you (i.e., social engineering).1. System flaws a. Data access-Exploit weaknesses in the operating system, hardware, firmware, protocol, or services to access data (e.g., cracking wireless encryption) or to access other networks (e.g., virtual local area network [VLAN] hopping). b. Denial of Service-Exploit a weakness in a transit node to cause it to fail (e.g., Ping of Death), slowdown (e.g., starvation attack), or malfunction sending data into a black hole. 2. Passive wiretapping-Capture data or credentials in transit on a link using a sniffer or a man-in-the-middle system. 3. Data insertion-Write data to the link such as a cookie or a packet with credentials to gain access to a resource. 4. Node impersonation-Become or compromise a transit node on the link to capture the data or credentials passing through it or to redirect traffic to another system. 5. Configuration flaw-Exploit the configuration of a transit node to gain access and redirect traffic to another system (e.g., ARP, routing or DNS poisoning). 6. End-point impersonation-Appear to be the legitimate end point of the link by cloning the real system or by DNS poisoning. 7. Process flaws-Become a permitted node on the link by convincing or coercing someone to add your transit node to the network. Once attached it can be used to capture data and credential

Step by Step Solution

There are 3 Steps involved in it

Step: 1

blur-text-image

Get Instant Access to Expert-Tailored Solutions

See step-by-step solutions with expert insights and AI powered tools for academic success

Step: 2

blur-text-image_2

Step: 3

blur-text-image_3

Ace Your Homework with AI

Get the answers you need in no time with our AI-driven, step-by-step assistance

Get Started

Recommended Textbook for

Hospitality Finance And Accounting Essential Theory And Practice

Authors: Rob Van Ginneken

1st Edition

0429015119, 9780429015113

More Books

Students also viewed these General Management questions

Question

What do you mean by dual mode operation?

Answered: 1 week ago

Question

Explain the difference between `==` and `===` in JavaScript.

Answered: 1 week ago

Question

Context, i.e. the context of the information presented and received

Answered: 1 week ago